In some cases, parts or products, for example those including systems on chip, are delivered after fabrication to a final user who can load sensitive data into them, for example cryptographic keys or even secrets specific to that final user.
When the final user wants to protect the sensitive data contained in the part, he or she can switch it to a so-called “closed” state. In this state, the sensitive data and/or secrets remain accessible, but only in a tightly controlled way (for example through the secure boot code of the processor of the system on chip and/or authentication of that code) when the final user's application executes on the processor.
Some of these parts, including “closed” ones, may malfunction. To analyze a “closed” part, debugging must first be made possible.
Indeed, failure analysis generally uses a debugging tool that can probe the different components of the system on chip and send them test patterns in an attempt to find the cause of the malfunction.
In the “closed” state, debugging can be opened during execution of the final user's application, provided the program code of that application offers this possibility. This therefore requires executing that application at the final user level.
The final user may decide to entrust the failure analysis (which requires opening debugging) to a third party, for example the manufacturer and/or the designer of the product.
There is therefore a need to offer the possibility of placing a product that is initially in a “closed” state into a mode in which opening debugging is authorized subject to certain conditions, while preserving, if necessary, the confidentiality of the sensitive data and/or secrets, and doing so independently of the final user's application, that is to say without that application having to be executed.
Moreover, whether or not the system on chip to be analyzed contains sensitive data, there is a need to facilitate access to the debugging mode.
Finally, it may be advantageous to offer the final user the possibility of recovering his or her product, once analyzed and possibly repaired, in a “closed” state identical to the one it was in before analysis, while thereafter prohibiting any new analysis by a third party.
In other words, a product restored to the “closed” state can no longer be the subject of any analysis by debugging, even by the manufacturer itself, for example.
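The life cycle described above (closed part, conditional opening of debugging without running the final user's application, secrets kept confidential during analysis, restoration to a closed state that permanently refuses further analysis) can be modelled as a small state machine. The following is an added illustration, not code from the patent or from any product it describes. It assumes, as constructed details, that the "certain conditions" for opening debug are an HMAC challenge-response with a key held by the authorized analyst, that secrets are simply made unreadable while debug is open, and that the one-time nature of the analysis is recorded in a flag standing in for a one-time-programmable fuse.

```python
"""Added model of a debug life cycle for a system on chip (hypothetical, not the patent's design)."""
import hashlib
import hmac
import secrets
from enum import Enum, auto
from typing import Dict, List, Optional


class State(Enum):
    OPEN = auto()      # as fabricated: debug available, no secrets loaded yet
    CLOSED = auto()    # final user's secrets loaded, debug disabled
    ANALYSIS = auto()  # debug re-enabled for an authorized third party, secrets locked
    SEALED = auto()    # restored to "closed"; any further analysis is prohibited


class LifecycleError(Exception):
    pass


class SocLifecycle:
    """Tracks the debug state of one part and guards access to its secrets."""

    def __init__(self, analysis_key: bytes):
        self.state = State.OPEN
        self._secrets: Dict[str, bytes] = {}
        self._analysis_used = False        # stands in for a one-time-programmable fuse
        self._analysis_key = analysis_key  # assumed shared with the authorized analyst
        self._challenge: Optional[bytes] = None

    # --- final-user operations -------------------------------------------
    def provision_secret(self, name: str, value: bytes) -> None:
        if self.state is not State.OPEN:
            raise LifecycleError("secrets can only be loaded before closing")
        self._secrets[name] = value

    def close(self) -> None:
        if self.state is not State.OPEN:
            raise LifecycleError("only an open part can be closed")
        self.state = State.CLOSED

    def read_secret(self, name: str, *, secure_boot_verified: bool) -> bytes:
        """Secrets are readable only in a closed state and only by code secure boot verified."""
        if self.state not in (State.CLOSED, State.SEALED):
            raise LifecycleError(f"secrets are locked in state {self.state.name}")
        if not secure_boot_verified:
            raise LifecycleError("caller was not authenticated by secure boot")
        return self._secrets[name]

    # --- third-party analysis (no final-user application involved) ---------
    def debug_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def open_debug(self, response: bytes) -> None:
        if self.state is not State.CLOSED:
            raise LifecycleError(f"cannot open debug from state {self.state.name}")
        if self._analysis_used:
            raise LifecycleError("analysis already performed once; part is sealed")
        if self._challenge is None:
            raise LifecycleError("request a challenge first")
        expected = hmac.new(self._analysis_key, self._challenge, hashlib.sha256).digest()
        self._challenge = None  # each challenge is usable once
        if not hmac.compare_digest(expected, response):
            raise LifecycleError("debug authorization failed")
        self._analysis_used = True
        self.state = State.ANALYSIS

    def debug_enabled(self) -> bool:
        return self.state in (State.OPEN, State.ANALYSIS)

    def restore_closed(self) -> None:
        if self.state is not State.ANALYSIS:
            raise LifecycleError("only a part under analysis can be restored")
        self.state = State.SEALED


def answer_challenge(analysis_key: bytes, challenge: bytes) -> bytes:
    """What the authorized analyst computes (constructed protocol, not the patent's)."""
    return hmac.new(analysis_key, challenge, hashlib.sha256).digest()


def walkthrough() -> List[str]:
    """Runs the whole life cycle once and returns the events observed."""
    key = b"constructed-analysis-key"
    soc = SocLifecycle(key)
    events: List[str] = []
    soc.provision_secret("k", b"\x01" * 16)
    soc.close()
    events.append(f"closed,debug={soc.debug_enabled()}")
    soc.open_debug(answer_challenge(key, soc.debug_challenge()))
    events.append(f"analysis,debug={soc.debug_enabled()}")
    try:
        soc.read_secret("k", secure_boot_verified=True)
    except LifecycleError:
        events.append("secret-locked-during-analysis")
    soc.restore_closed()
    events.append(f"sealed,debug={soc.debug_enabled()}")
    try:
        soc.open_debug(answer_challenge(key, soc.debug_challenge()))
    except LifecycleError:
        events.append("second-analysis-refused")
    return events


if __name__ == "__main__":
    for event in walkthrough():
        print(event)
```

The point of the model is the two guards: `read_secret` refuses every request while the part is in `ANALYSIS`, so a debugger attached during analysis never sees the final user's secrets, and `open_debug` consults both the current state and the one-shot flag, so a part that has been restored to `SEALED` cannot be reopened even by a party holding the analysis key.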